vulnerability

Oracle Linux: CVE-2022-3570: ELSA-2023-2340: libtiff security update (MODERATE) (Multiple Advisories)

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published
Feb 24, 2022
Added
May 17, 2023
Modified
Nov 29, 2024

Description

Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service.

Solution(s)

oracle-linux-upgrade-libtifforacle-linux-upgrade-libtiff-develoracle-linux-upgrade-libtiff-tools
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.